With cyber crime spreading across the globe, Russian security firm Kaspersky Lab, has just uncovered a massive cyber attack codenamed ‘Flame.’ The malicious program was detected as Worm.Win32.Flame and is believed to have been operational since 2010. Kaspersky believes that the cyber attacks are state-sponsored, however, this information isn't confirmed yet, it told BBC. On infecting a system, Flame begins with its set of complex operations, which is inclusive of sniffing the network traffic, taking screenshots, recording audio conversations, intercepting the keyboard, and even monitoring the display. The information is then sent to a network of command-and-control servers located in many different parts of the world.The first instance of the malware's activities was detected in Iran and the other countries affected by it are Israel, Sudan, Syria, Lebanon, Saudi Arabia and Egypt. The malware has been collecting private data from these countries. Describing it as "one of the most complex threats ever discovered," the research into the attack had been carried in conjunction with UN's International Telecommunication Union. Also being investigated is another malware threat, called Wiper that has been deleting data in western Asia. However, although Flame has done no evident damage, it has been actively collecting very critical data.
The most deadly yet?
Flame is said to be the most advanced and complete attack-toolkits ever discovered. It has hit more than 600 targets ranging from individuals to businesses and government systems. Kasperky Labs' chief expert, Alexander Gostev said in a statement. "One of the most alarming facts is that the Flame cyber-attack campaign is currently in its active phase, and its operator is consistently surveilling infected systems, collecting information and targeting new systems to accomplish its unknown goals."
Earlier we saw the Stuxnet computer virus that wreaked havoc on Iran's nuclear program and later the country detected the Duqu computer virus, which claimed to be based on Stuxnet. However, the new malware code is said to be 20 times larger than Stuxnet and the Flame package of modules is reportedly huge at 20 MB when completely deployed. Flame is called huge because it includes libraries, like zlib, libbz2, ppmd for compression and sqlite3 for database manipulation, along with a LUA (a scripting language) virtual machine. Many parts of Flame have high order logic written in the scripting language with effective attack subroutines and libraries compiled from C++.
"The Flame malware looks to be another phase in this war, and it's important to understand that such cyber weapons can easily be used against any country," Kaspersky said in a statement. "Unlike with conventional warfare, the more developed countries are actually the most vulnerable in this case."
Prof. Alan Woodward, a computing professor from University of Surrey also believes that just like Stuxnet, Flame can also be spread by a USB stick, but has ‘unusual’ data-stealing features and likens it to a vacuum cleaner. He calls it an extremely advanced attack and more like a toolkit for compiling different code-based weapons than a single tool.
Flame has been termed as a backdoor, a Trojan, and has worm-like features. It is capable of replicating in a local network and on removable media as well. Flame first sniffs network traffic, takes screenshots, records audio conversations via microphone, compresses it and sends it back to the attacker, and intercepts the keyboard. After initial Flame malware has infected a system, more modules are added to perform specific tasks, just like adding apps to a smartphone. As it comes across as a sophisticated work, Kaspersky believes that the cyber attack could be state sponsored. Kaspersky Lab’s experts are currently conducting deeper analysis of Flame and over the coming days a series of blog posts will reveal more details about it.
Published Date: May 29, 2012 01:59 pm | Updated Date: May 29, 2012 01:59 pm